Heartbleed flaw could be used to hack into businesses’ internal networks and steal valuable data. The list of potentially vulnerable internal assets is massive — everything from web servers for mission-critical applications to SSL-enabled services such as FTP over SSL, VOIP phones, printers, VPN servers, and VPN clients. Some lower-profile devices may not ever receive vendor patches, and legacy systems could get lost in the patch shuffle. “We still don’t have definite consensus on how bad this [Heartbleed] is yet,” says Damon Rouse, director of IT for the defense and government contractor Epsilon Systems.”]
Source: https://www.darkreading.com/analytics/heartbleed-s-intranet-vpn-connection